Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[whistler]

I open a new topic because there is a chance that this goes south and gets deleted.

This topic relates to Getting into IL-2 Great Battles: Account Registration where Mike mentions:

In order to be able to play IL-2 Great Battles aka "Battle of Stalingrad", regardless which part of the sequel, you need to have an account at il2sturmovik.com.

[...]

Remember: It's mandatory to have an account at il2sturmovik.com.
You need it to login to your game.
You won't be able to play without it.
Not even offline.

The business justification being? they will say "to provide the best service and improve experience blah blah blah", which MUST be translated to: "to log absolutely everything you do because you know, everyone does it these days and we are no different".

You paid for the product. You activated it. Is it yours?

By accepting the terms you become their official drone. You periodically send data to their servers. You spend your free time shooting down pixels and get nothing in return other than a satisfying time. On the other side, they get (hours of) data the drone generated to figure out new/better ways to monetize their product/s further. There is no "to improve experience" behind it, trust me. You paid for the product(s) and now you work for them and for free.

I am not a control freak but I (try to) choose my digital needs wisely. I wouldn't like my fridge vendor to know I didn't consume enough veggies last week, unless I get something back in return for my data, in which case I could voluntarily opt-in... or not.

Here are some terms found in their User agreement:

4.4. The Operator reserves the right to collect and to use any information received by the Operator during the playing process of the User in his discretion.
4.6. Operator is not liable for losses incurred as a result of the use of the Game, as well as for loss or other damage arising from the User in connection with the actions of third parties.
4.7. Operator has the right to unilaterally and at any time limit, extend, modify or terminate the provision of services with the notification of the User on the Resources of the Operator.
4.10. Operator has the right without the consent of the User to set a fee for the access of the User to the expanded functionality.
4.11. Operator is not liable for temporary interruptions and break-downs in the operation of the communication lines, and other similar disruptions, as well as the break-downs of the computer from which a User is connected to the Internet and/or launches the Game.
4.12. In the event of loss of User login to the Web-site of the Operator, Operator does not provide access to the Game and paid for additional services.

I have nothing against free webs/apps/software or any other form of free (as in beer) products, we know the game. But when it comes to hard-earned money, I expect some respect and love for customers.

[SAS~Storebror]

I am not a control freak

I am when it comes to my data. And I see where you're coming from
This is what I did and it's not too hard for anyone else to repeat the process:
I've made a "man in the middle" attack to see what data is being transferred between the game and the AWS servers running the "Master Server" of IL-2 Great Battles.
I did so in order to both see how much of my data gets dumped into their "big data" pool, and in order to get a feeling of how much IL-2 Great Battles is Cheater proof.
Part one was a positive surprise, part two rather negative.

First and aforemost, all the data transfer between client and master server is TLS encrypted on the outer transport layer, and it's additionally proprietarily encrypted "inside".
The latter encryption isn't too tough, it's probably just to keep the wannabe hacking kids from getting in within a minute.
This is already the disappointment concerning cheater protection: With a little bit of skill, you can do what I did, setup your own forwarding TLS proxy to sit in the middle of the data stream and manipulate the data (which I didn't do but could have done). Probably not what you would want to happen in an online game, and unfortunately in contrast to e.g. IL-2 1946, IL-2 Great Battles has no additional protection layer like checking the game files, code contents, flight models or anything else at connection time or during the online session. You can get in, and if you know how to do a man in the middle attack and know how to decrypt/re-encrypt the proprietary inner data format, you can basically cheat as you like.

The good thing is that the data being "leaked" to the master server, at least the mandatory part of it ("offline" mode that is) really only contains your account's email addy and the password hash. Both encrypted, the hash apparently salted. Fine with me. There seems to be no other "chatter" going on between client and master server in "offline" mode apart from this login procedure.
Online mode is different.
I don't say it's good or bad.
It's the design of the game.
All is tied to your single il2sturmovik.com account, and all what you do, be it multiplayer sessions, campaigns, whatever... is synchronized to the "master" server.
Therefore, if e.g. you play an offline campaign, the client will still sync your process in the campaign every few seconds to the master server. Constant chatter. Not apparently anything "secret" inside, but of course when you have access to the master server data, you can see who was playing which campaign when and for how long, how successful it went, what players do before and afterwards, etc. pp... "glassy customer" so to say.
Again, it's the game design showing through here.
On the pro side of this, regardless where you (re)install the game, as soon as you login to your account, you're exactly where you stopped playing on another system before.
It's all in the cloud.
Comfortable, yes. Secure, not necessarily.

Cheers!
Mike

[whistler]

Hi Mike,

Thank you for yet another throughout unbiased report of yours.

I understand the need to log multiplayer data to measure performance and meet demand. No objections at all on this regard. They actually must.

Once the system is in place to carry on its essential (mandatory, is you ask me) requirement then there is nothing stopping you from building upon it. And if more data can be collected, it will be collected. Hey, we pay good money to a cloud provider to save your data so that you can reinstall your game once every 2 years. How cool is that. Well, please don't do it for me thank you. Use that money to pay a good dinner to the devs. Problem is I have no choice, why? I know the answer.

I said my part already, these are the times we live in. Take it or leave it. The problem with Big data is that it nullifies the individual and we all end-up consuming mainstream preferences. See youtube's or any other site's "trending" sections and shiver!

Best regards

[SAS~Storebror]

I know just too well what amount of data one can grab if he wants to.
On that note, did you ever check our Privacy Policy?
I bet it will make you shiver too

Cheers!
Mike

[whistler]

I know just too well what amount of data one can grab if he wants to.
On that note, did you ever check our Privacy Policy?
I bet it will make you shiver too

Cheers!
Mike

shocking! Lucky me I didn't get any invoice